Using firebase in our application

Question

I've just started to use firebase in my web application. It seems awesome as of now. But am just worried about something.

In our head section of our html file I configure the application keys:

     var config = {
         apiKey:  "",
         authDomain:  "",
         databaseURL:  "",
         storageBucket:  "",
      }

however any user can check the webpage source and view the code. So am just concerned about the security of our code.

No need to be concerned, including this information in your web page is not a security risk. See http://stackoverflow.com/questions/37482366/what-is-the-firebase-apikey-for, http://stackoverflow.com/questions/37482366/what-is-the-firebase-apikey-for — Frank van Puffelen, Jun 21 '16 at 13:40

Justin Go · Answer 1 · 2016-06-21T14:19:16.420

1

The firebase api key is required to connect the client to your firebase instance. It is not a security risk.

It is up to you to control the data being written and read using the firebase security rules https://firebase.google.com/docs/database/security/

edited Jun 21 '16 at 14:19

answered Jun 21 '16 at 10:58

Justin Go

what should I do when I use firebase in my html page. to get it working anyways I need to configure it in my header of my page within script tag. – Akhil K Nambiar Jun 21 '16 at 11:04
@AkhilKNambiar fire base should not be used in the way you're describing. – George Stocker Jun 21 '16 at 11:37
@GeorgeStocker I just went through the description for web. Can you please explain. Just a link would be fine. – Akhil K Nambiar Jun 21 '16 at 11:47
*firebaser here* The Firebase apiKey just identifies your project on the server. For an app to connect to the correct back-end, including the apiKey in the project is required. This is not a security risk. – Frank van Puffelen Jun 21 '16 at 13:39
what @FrankvanPuffelen said is true. I confused the api key with the secret key. let me update my answer – Justin Go Jun 21 '16 at 14:16

1 Answers1